Reset Search
 

 

Article

How to decrypt the 802.11(WLAN) encrypted packets using Wireshark

« Go Back

Information

 
Question
How to decrypt the 802.11(WLAN) encrypted packets using Wireshark
 
Answer
It is required to provide the Wi-Fi password in the Wireshark sniffer tool to decrypt the WEP and WPA/WPA2 in pre-shared (or personal) mode. WPA/WPA2 enterprise mode decryption is not yet supported. 
You can add decryption keys using Wireshark's 802.11 preferences or by using the wireless toolbar. Up to 64 keys are supported.

Adding Keys in Wireshark: 802.11 Preferences below mentioned procedure to be followed.

1. Go to Edit -> Preferences -> Protocols -> IEEE 802.11
2. In this window, select "Enable decryption" 
3. Go to Decryption Keys->Edit
4. To add the Decryption key, select "New"
5. In the "Key Type" select one among the security types listed "WEP/WPA-PWD/WPA-PSK", according to the AP(Router)'s security configuration.
6. In the "Key" tab provide the appropriate password.

WEP security Key:
WEP 40-bit key - 10 digit numeric value. like "1234567890"
WEP 104-bit key - 26 digit alpha-numeric (a-z, A-Z, 0-9) characters like "12345678901234567890abcdef"

WPA/WPA2 Personal encryption methods using TKIP or AES-CCMP encryption algorithms:
WPA-PWD or Passphrase - Minimum of 8 to 63 byte printable ASCII or alpha-numeric characters.
This is the Wi-Fi password or passphrase of the AP.

WPA-PSK - 64 byte hexadecimal characters (Pre-Shared Key) generated using the SSID and passphrase of the AP.
This link shows how the PSK can be generated using the SSID and passphrase.

 
Attachment(s) 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255